Inside university servers, unauthorized pages are planted by hackers. No schools that were contacted had any idea the pages existed. The pages sent more money and traffic to the hackers, though it doesn’t appear any personal info was breached.
Hacker pages on higher Ed websites
To create these unauthorized pages, these hackers exploited security holes in departmental, student, and uploading functionality. These web sites seem to send traffic to web sites that are for-profit. The links on these college websites helped the hackers improve search engine rankings, as well as creating the appearance that the university was endorsing the page. When university webmasters and I.T. departments were contacted, they confirmed that they weren’t aware of these sites. Universities were already removing these pages as of 3 p.m. Wednesday afternoon.
Ohio business Street Smarts linked to hacked pages
The company in Ohio called Street Smarts owns the domain names that these unauthorized pages link to. Attempts to call Street Smarts resulted only in being told “wrong number” when asking for the business or the technical contact listed on the site registration. Shortly after these phone calls, these web sites were taken offline. In 2008, there was a hack of both government and educational websites. The 2008 attack took JavaScript code and used it to redirect web sites on dot-gov and dot-edu domains to myhome-loan-expert.com, creditloansrates.com, and latest-mortgages-rates.com. The phone numbers listed on the uploaded websites within the most recent attack incorporated a phone number in Austin, Texas that is out of service. The web sites redirected in 2008 also use that exact very same phone number. The code on the redirected and unauthorized sites appear to be nearly identical in CSS, JS, and HTML. To put it simply, the exact same company likely perpetrated both attacks.
Was personal details at risk
This hacking of educational sites exploits the good name of schools and tries to make money off phony information. Thankfully, it does not appear that the security holes that allowed these websites to be posted allowed any details out. Hackers could get data in to the websites, however they couldn’t get any out — probably. If security holes like this aren’t fixed, though, they can later be used to gain access to details like social security numbers. Security holes like this must be closed very easily, because education is happening a growing number of often online.
The danger of security exploits
A security breach like this can make it easy for scammers to collect personal data without visitors to the website ever knowing. The unauthorized webpages, on first glace, look like legitimate websites that belong on University servers. Visitors to the site who enter their personal information could very very easily be opening themselves up for fraud or identity theft.
Schools that were affected
The colleges, universities, and educational institutions affected by this attack are not listed in complete here. A search for these unauthorized pages showed these 50 schools as the first victims. You should do a very extensive search for these unauthorized pages in case you are the webmaster or administrator for an educational website.
- Beacon University
- Harvard University
- McNeese University
- Northeastern Illinois University
- Cornell University
- Georgia Tech
- The Browning School
- Valparaiso University
- Los Rios Community College District
- East Central University of Oklahoma
- Rutgers University
- Yale University
- University of Texas Medial Branch
- Stony Brook University
- Saint Xavier University
- Hardin Simmons University
- Arizona State University
- Stanford University
- Austin Independent School District
- Smith College of Massachusetts
- Highpoint University
- Rensselaer Polytechnic Institute
- Catholic Theological Union
- University of Washington
- Westminster Theological Seminary
- Lake Forest College in Chicago
- Southeastern Louisiana University
- American Samoa Community College
- Columbia College of Chicago
- University of Arkansas Fort Smith
- UC San Diego
- University of Scranton
- Piedmont Technical College
- Assumption University of Thailand
- Chemeketa Community College
- Information Sciences Institute at the University of Southern California
- University of Tennessee Martin
- The City University of New York
- Milwaukee Institute of Art & Design
- Instituto Guatemalteco Americano
- The University of Utah
- Juniata College
- Ohio State
- California State Christian University
- Sharif University of Technology
- The University of North Carolina at Chapel Hill
- Brigham Young University
- The University of Arkansas
- The University of Virginia
